LinuxQuestions.org
Old 09-20-2010, 10:33 PM   #1
_root_
LQ Newbie
 
Registered: Sep 2010
Location: Tokyo, Japan
Posts: 3

Rep: Reputation: 0
Exploit CVE-2010-3081


I feel a bit confused about the dangerous exploit CVE-2010-3081.

Red Hat says that 64b kernels from April 2008 may be affected, from 2.6.26-rc1 to 2.6.36-rc4. (redhat security notice)

I installed my RHEL 5.3 in Summer 2009, and the `uname -a` command returns 2.6.18-164.9.1.el5.

Does it mean my kernel is not affected (since 2.6.18 < 2.6.26)?

and while the installation in Summer 2009 was done with the latest RHEL version available at the time, 5.3...

Last edited by _root_; 09-21-2010 at 12:33 AM.
 
Old 09-21-2010, 12:54 AM   #2
Bruce Hill
HCL Maintainer
 
Registered: Jun 2003
Location: McCalla, AL, USA
Distribution: Arch, Gentoo
Posts: 6,940

Rep: Reputation: 129
Issue "zgrep CONFIG_IA32_EMULATION /proc/config.gz" and if it returns:
Code:
CONFIG_IA32_EMULATION=y
you're vulnerable.

Of course, since your OS is from Red Hat you might have to
search a bit for your .config ... maybe in /boot/ ?
 
1 members found this post helpful.
Old 09-21-2010, 01:54 AM   #3
_root_
LQ Newbie
 
Registered: Sep 2010
Location: Tokyo, Japan
Posts: 3

Original Poster
Rep: Reputation: 0
Thanks. The config files are in /boot as you suggested.
Code:
config-2.6.18-194.11.3.el5:CONFIG_IA32_EMULATION=y
config-2.6.18-194.11.3.el5xen:CONFIG_IA32_EMULATION=y
And, unfortunately, it seems we have a problem.

So why do we have that restriction on kernels on the RH website?
Quote:
The flaw identified by CVE-2010-3081 describes an issue in the 32/64-bit compatibility layer implementation in the Linux kernel, versions 2.6.26-rc1 to 2.6.36-rc4.
Doesn't it mean we use the 32b emulator, that may not have the flaw?

Last edited by _root_; 09-21-2010 at 02:01 AM.
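
An added example (not written by any poster in this thread or by Red Hat): a shell function that runs the check from posts #2 and #3 over every kernel config in /boot and marks the one that is actually booted. The function names are hypothetical, and the result shows only whether the 32-bit compatibility layer is compiled in, not whether a vendor fix is installed.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# compat_status FILE
# Prints one of: enabled, disabled, absent, unreadable.
# Handles plain config files (/boot/config-*) and gzipped ones (/proc/config.gz).
compat_status() {
    f=$1
    [ -r "$f" ] || { echo unreadable; return 0; }
    case $f in
        *.gz) reader="gzip -dc" ;;
        *)    reader="cat" ;;
    esac
    # Match the exact line forms that kernel config files use.
    $reader "$f" 2>/dev/null | awk '
        /^CONFIG_IA32_EMULATION=y$/              { s = "enabled" }
        /^# CONFIG_IA32_EMULATION is not set$/   { s = "disabled" }
        END { if (s == "") s = "absent"; print s }'
}

# scan_configs [DIR] [RELEASE]
# Lists every config-* file in DIR (default /boot) with its status and
# marks the one matching RELEASE (default: the running kernel, uname -r).
# An installed kernel is not necessarily the booted one, so the marker
# shows which line applies to the system as it is running now.
scan_configs() {
    dir=${1:-/boot}
    rel=${2:-$(uname -r)}
    for f in "$dir"/config-*; do
        [ -e "$f" ] || continue
        name=${f##*/}
        mark=""
        [ "$name" = "config-$rel" ] && mark=" (running)"
        printf '%s %s%s\n' "$name" "$(compat_status "$f")" "$mark"
    done
}

scan_configs "$@"
```
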
 
Old 09-22-2010, 11:13 AM   #4
Bruce Hill
HCL Maintainer
 
Registered: Jun 2003
Location: McCalla, AL, USA
Distribution: Arch, Gentoo
Posts: 6,940

Rep: Reputation: 129
Not sure I understand your question, but I would expect Red Hat to release kernels
with that vulnerability patched. And by the way ...

Welcome to LQ!

And don't take the name of root in vain!
 
Old 09-22-2010, 11:53 AM   #5
ysg
LQ Newbie
 
Registered: Nov 2007
Distribution: Slackware 13.37 (64-bit on desktop, 32-bit on netbook)
Posts: 17

Rep: Reputation: 0
Red Hat uses older kernels than a lot of distributions and then patches them. The kernel you're using (2.6.18) was first released in 2006 and would not be affected by this unless Red Hat patched the problem in later. Which, from reading their security notice, it looks like they DID.

Quote:
Originally Posted by Red Hat
Red Hat Enterprise Linux 5

This issue affects the 64-bit versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5, as they include a backport of the upstream git commit 42908c69, which introduced the compat_mc_getsockopt() function that a local, unprivileged user can use to abuse the compat_alloc_user_space() call to escalate their privileges.

So you'll need to apply the update from Red Hat to fix this. It's also mentioned on that page.

Quote:
Originally Posted by Red Hat
Solution

This issue has been fixed in Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 5.4 Extended Update Support via the Red Hat Security Advisories RHSA-2010:0704 and RHSA-2010:0705 respectively. Future updates will address this issue for Red Hat Enterprise Linux 4 and Red Hat Enterprise MRG.
 
Old 09-22-2010, 11:34 PM   #6
_root_
LQ Newbie
 
Registered: Sep 2010
Location: Tokyo, Japan
Posts: 3

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by ysg
Red Hat patched the problem in later. So you'll need to apply the update from Red Hat to fix this. It's also mentioned on that page.
Thanks, it is clear now.

Quote:
Originally Posted by Bruce Hill
And don't take the name of root in vain!
Well, that's the easiest hack I ever had to do to become root on a system ;-)
 
  


All times are GMT -5.
